Windows 7 GPO Mapped network Drives mapping in Win 10 but not Win 7

[trixrahbit]

I have a medium sized network running. We are currently migrating and updating our shared folder systems. The old system is running Win 2k8 R2 and still has the old mapped drives running what we haven't migrated. The new shared folders are on a new server Win 2012 R2 with a different folder structure and everything. Half the computers in the building run Win 7 Pro and the other half Win 10 Pro. Here is my issue. On every single Win 10 computer every drive maps and can be accessed normally, however the new shared drive DOES NOT map to any Win 7 machine. I created a Hyper V win 7 machine and on my Win 10 machine I have all my folders however when I log into that Win 7 machine only the home drives(located on the new share server) and the old shared drives seem to map. I have switched the Drive Maps to Update Create Replace, I have checked all permissions even though it seems not permission related as I can get to it on any win 10 machine. Any advice?

 

[Neemobeer]

I would turn on Group policy logging for drive mappings. Once the GPO has applied on the Windows 7 machines look in the trace file for errors related to the drive mappings. They should give you an idea of why they are not mapping.
How to enable Group Policy Preferences Logging via the Local Group Policy Editor

 

[Neemobeer]

I added a Windows 7 VM to my 2012 Windows domain and setup a mapped drive and it worked fine. Setup the tracing and it should tell you the problem.

 

[trixrahbit]

Thanks for this amazing info!! I ended up realizing what was wrong but maybe you can tell me why. It all came down to Access Based Enumeration being enabled. But on default why would it allow the hand off to WIN 10 machines but not WIN 7. Is this suppose to be like this or is it a glitch on one of the OS's?

 

[Neemobeer]

Access Based Enumeration is used to hide drive shares that users do not have permissions to. There is a possibly that it is a bug between Windows 7 and a Server 2012 DC. Somethings to verify:

• The users that the drive is hidden on have correct permissions on the shares themselves and that there isn't another group they belong to that has lower or no permissions on the share, Least Privileged will win
• Verify whether the GPO is only targeting an OU and that there are no item-level targeting that would affect users access
• Verify on the GPO itself that the users have access to process it. The default is Authenticated Users.

 

[trixrahbit]

That's the weird thing about it. I can get to in on my login from my win 10 machine. I set up a test win 7 and joined it to domain and logged in with my credentials and had the same issue. I would say you're most likely correct about there being a bug. I went over permissions a million times and didn't see anything that could be wrong and when I denied access to folders they did disappear on the win 10 machine. I'm wondering if possibly there is a permissions error I am missing and Windows 7 caught it but Win 10 let it slide which could be a major security flaw.

 

[trixrahbit]

I really do appreciate you working through this with me.

 

[Neemobeer]

I doubt Windows 10 is not catching permissions. It's most likely the introduction of new settings in Windows 10 that are not native to Windows 7 or different defaults. If you re-enable the access enumeration and the GPO drive mapping tracing you will potentially get an error message in the trace and it would be easier to figure out the root cause.

 

[trixrahbit]

Ok perfect. I will do this and post my results.